ngx-soap icon indicating copy to clipboard operation
ngx-soap copied to clipboard
verified publisher icon lula

NTLM Authorization returns 401 with otherwise working credentials

Open jawhinge opened this issue 6 years ago • 6 comments

Here's my client:

constructor(private soap: NgxSoapService) {
        this.soap.createClient(URL-TO-WSDL)
          .then(client => {
            console.log('Client', client);
            client.setSecurity(new security.NTLMSecurity(username, password, DOMAIN, USER-PC ));
            this.client = client;
            
          })
          .catch(err => console.log('Error', err));
      }

The URL-TO-WSDL resolves in chrome and asks for a username and password. It's reachable in Postman with the credentials I supply for auth. However, the same credentials don't work when trying to call with this library.

The specifics:

  • the SOAP API is MS Dynamics NAV 2017
  • the API server is not configured to send CORS Allow-Origin headers but I make my browser ignore that (via a CORS plugin)
  • I don't have any other functionality aside from trying to initialize a client and get the wsdl
  • My requests reach the server and are responded to (401 Unauthorized) but they don't show on the NAV logs.

Any idea what I am doing wrong?

jawhinge avatar Jan 10 '19 12:01 jawhinge

Hello @Clawfngr!

  1. Have you tested with a proxy to be totally sure CORS is really not an issue? CORS issues are sneaky 😄. ~~2. Have you do the same test with node soap module (this lib is just a port of it aimed to work on browsers)?. I quickly checked the code and I haven't found any significant difference.~~

Sorry, I was to quick on answering. Though point 1 may still be true I went further with checking and found quite differences. I have to check on those and see how to port them (if possible).

lula avatar Jan 10 '19 21:01 lula

I work with a service that has limited availability - access is limited to my endpoint and accessing via a an external proxy doesn't work. I've tested with a local proxy and I still got the same results.

For the time being I've opted out for actually building a RESTful converter as a local nod API and the nod module you mentioned works well with a few alterations:

  • for the SOAP requests I use a specific rewrite of that module - soap-ntlm
  • the module makes the initial AUTH request with the httpntlm module using a get request and only a username and password. From then on everything is business as usual with the soap module as far as I can tell (in coding, haven't looked under the hood).

If I can be in any way useful, I'll be on standby. Thank you for your prompt reply :)

jawhinge avatar Jan 11 '19 09:01 jawhinge

I should have reestablish the logic about NTLM. Well, at least I hope so 😄. Anyway, I was pretty sure I commented it our before as it had some problems with the browsers (I'm not completely sure this lib is also for browsers). However, it did compile and I was able to run the test app (without ntlm though...)

I published the 0.6.1-beta.0 release. Please install it, then install httpntlm dependency and finally test 😃. I'm sorry to (ab)use you for testing but I have no real knowledge about NTLM authentication and I have also have no idea on how to quickly create a test environment for it 😢 . Thank you!!

lula avatar Jan 13 '19 17:01 lula

Sorry but I'll have to get back at you with test results with a little latency because I'm currently busy. I'll try it out and send results asap :) thanks you for your assistance!

jawhinge avatar Jan 14 '19 13:01 jawhinge

No worries! Thanks to you!

lula avatar Jan 14 '19 13:01 lula

@lula How to create NTLM authenticate: NTLM is a window authentication protocol, so to create environment NTLM to test, you need to create a SOAP with Window network credential. I have tested @0.6.0, still does not work. It throws 401 with createClient method before we setSecurity.

Thanks/Cuong

cuongqle avatar May 26 '19 10:05 cuongqle